Methods and Systems for Graphical Image Authentication

ABSTRACT

Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation-in-part patent application claiming the benefitof priority to U.S. patent application Ser. No. 11/420,061 filed on May24, 2006, which is hereby incorporated by reference herein its entirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention is directed to a method and system ofauthenticating identity to a computer system. In particular, the presentinvention is directed to a graphical image identity authenticationsystem.

2. Background

Computer networks, particularly those with global reach such as theInternet, have greatly influenced the way that individuals, companiesand institutions conduct transactions, and store and retrieve documents,images, music, and video. Convenience, ease of use, speed, and lowoverhead costs are contributing factors to the widespread use of theInternet for purchasing goods as well as conducting confidentialtransactions. Entire industries have emerged as a result of theevolution of the Internet.

Secure access to computer systems and computer networks has beentraditionally guarded with a username and password pair. This requiresthe user to protect the username and password from unauthorized use. Ifthe username and password are not protected, accounts and files can becompromised. Unfortunately, a number of rogue individuals andorganizations have emerged that are dedicated to fraudulently obtainingconfidential information for unauthorized or criminal activities.

A pervasive tool used in obtaining confidential information iskeystroke-logging software, which constitutes a program that monitorsand records what users type on their computers. Such software oftencomprises the payload of viruses, worms, Trojan horses, and other formsof malware. Keystroke-logging software can reveal what a user is typingon a computer without the user's knowledge of this event occurring.

Companies and institutions routinely use keystroke-logging software tomonitor employee activity. Also, families may use these types ofprograms to monitor children's online activities. The widespreadavailability of this type of software, however, has led to unauthorizedor criminal use, resulting in the alarming rate of identity theft seenthroughout the world.

Prime targets for these attacks are financial institutions, as more andmore consumers and businesses use electronic methods for purchasing andmaking payments. According to the American Banker's Association, cashand checks now account for only 45 percent of consumer's monthlypayments, down from 57 percent in 2001, and 49 percent in 2003. Thetrend is clearly in favor of electronic transactions, providing a widerfield for identity theft.

Login information may also be “heard” by sophisticated analysis of thedistinct sounds made by different keys. An inexpensive microphone near akeyboard can reveal most of what is being typed with a surprising degreeof accuracy

(http://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html).The present invention thwarts attempts to record the successfulcompletion to the login process, as the keystrokes typed cannot belinked to the user's true authentication parameters.

Login information is also vulnerable to simple spying or“shoulder-surfing,” as a person with malicious intent watches anunsuspecting user sign into his or her account. The present inventionemploys a method that significantly reduces the likelihood of asuccessful shoulder-surfing style of attack.

Additional security mechanisms are necessary in addition to theusername/password paradigm to provide stronger identity authentication.There have been various other attempts to do so.

Enterprises and institutions are using costly physical devices toidentify legitimate customers and users. The existing devices generate aunique pass code for each user every 30 to 60 seconds. If an attackermanages to intercept a user ID and password, the information cannot beused to access the site without an additional authentication identifierdisplayed by the device. The devices significantly reduce instances ofidentity or information theft, but present challenges for both theinstitutions and individual users.

The enterprise may meet with consumer resistance in implementing use ofthe physical device. If the user does not have the device, he or shecannot gain access to the site. Besides the tremendous initial cost ofpurchasing the physical devices and implementing the new system, if thedevice is lost, stolen, or damaged, the enterprise will incur even moresignificant costs. In the context of business use of the device, thecompany incurs the cost of lost productivity from a worker who cannotaccess company information, as well as the cost of replacing the actualdevice. In the context of consumer use, if the consumer cannot accesshis or her accounts because of a lost device, the direct costs, and moresignificantly the indirect costs incurred by the enterprise to assistthe consumer in gaining access far outweighs the advantages of using thedevice system.

In U.S. Pat. No. 5,559,961, Blonder provides a solution for utilizinggraphical passwords. The framework described displays a static image inwhich the user touches predetermined areas of the screen, called “tapregions,” in a particular sequence. As the user taps various areas onthe display, the regions tapped are successively removed from thescreen. These regions of the screen, and the order of the sequence theyare tapped, are chosen by the user during an initial enrollment phase.The sequence and regions of taps is stored in the system as the user'spassword. One shortcoming of this solution is the likelihood of ashoulder-surfing attack: once an attacker views a user entering thesequence by touching areas of the screen, he or she is then easily ableto replicate the sequence to successfully gain access to the user'saccount.

U.S. Patent Application Publication No. 2003/0191947 to Stubblefielduses inkblots as images for authentication of a user's identity whenlogging into computer systems. The authentication method described inthis patent provides for a display of a random sequence of inkblots thatthe user has identified when he or she enrolled his or her logininformation. One drawback to this process stems from the identificationof the inkblot. Although the user is required to identify and verify thealphanumeric text associated with the inkblots in the enrollmentprocess, the ineffable nature of inkblots will cause consumers problemsin remembering the code for their inkblot selections. A frustrated userwill simply save their password information on their computer, write theinformation down, or enter incorrect password information, which defeatsthe security offered by this system. Also, this process is veryintimidating for users, especially those who are neophyte users, becausethe inkblot is easily misconstrued as a myriad of different objects. Theinkblot is just that: a blot on a screen the user will associate with areal world object. If that user misinterprets or forgets the associationthey have made with the inkblot they are denied access to their system.More importantly, the sequence process significantly increases logintime for users. Currently, users are demanding more secure logintechniques, but they desire to maintain the same level of conveniencethat they currently enjoy with the username/password login process. Thisauthentication technique does not provide the ease of use that consumersdesire.

U.S. Patent Application Publication No. 2004/0230843 to Jansen, which isa login authentication process using a sequence of images selected bythe user, illustrates the potential of image-based authentication inprotecting users from identity theft. The authentication methoddescribed in this patent application begins with the user selecting animage theme, such as animals, and then selecting a sequence of imageswithin the image theme that becomes the password (e.g. if the categorychosen is animals, one possible sequence is horse, cat, dog, cat, cat,horse). The success of the login process is predicated on the user'sability to replicate the sequence of images he or she has chosen withinthe image theme. In other words, the user must memorize the propersequence. One drawback appears to be the complex nature of the sequenceprocess. As defined in the patent application, if a user feels that heor she will be unable to remember the password, the user will simplywrite down the password so that recall becomes unnecessary. Also,because the images are typically static (the user can elect to “shuffle”images between login attempts, but most will likely stay with the simpledefault configuration), software can be created to automate the process.In this scenario the authentication requires no human interaction tocomplete the login, which tremendously decreases the level of securityprovided. Although the positions of the images can be shuffled withinthe grid, the fact that they are static means that shuffling onlyprevents attackers from guessing the likely placement of the sequence,not the images themselves. Moreover, the traditional text password iscompletely removed from the login process, meaning that the securityoffered in this solution is only single layer, whereas authenticationprocesses that complement the existing login process provide multiplelevels of security.

U.S. Patent Application Publication No. 2005/0268100 and Publication No.2005/0268101 to Gasparini et al. discloses two way authenticationincluding images which serve as customization information so that anentity can authenticate itself to a user, but is otherwise dissimilar.

Because of these noted shortcomings, an improved system and method isneeded to create password values that are both exceedingly difficult foran intruder to compromise, while simultaneously easy for a user to applyand maintain.

SUMMARY OF THE INVENTION

The present invention provides a system and method for the secureidentity authentication to a computer system. It is a further object andpurpose of the present invention to provide an authentication andsecurity system, which requires graphical discernment of one or moreimage categories from a grid of distinct visual images. Various aspectsof the invention described herein may be applied to any of theparticular applications set forth below. The invention may be applied asa standalone authentication system or also as a revenue generatingadvertising component to an integrated authentication solution. Theinvention can be optionally integrated into existing business andauthentication processes seamlessly. It shall be understood thatdifferent aspects of the invention can be appreciated individually,collectively or in combination with each other.

An aspect of the present invention provides an enrollment mechanism andprocess for new or first-time users. During an enrollment stage, a userwill be required to select a series of one or more image categories,which will serve as the user's authentication sequence.

Another aspect of the invention provides systems and methods forproviding graphical image authentication of a user. An embodimentprovided in accordance with this aspect of the present inventionrequires the user to input a username at the point of user login. Aftervalidating the username, a grid of images corresponding to thepre-defined categories will be displayed. One image from each categorywill appear at a random location within the grid. If the number ofavailable categories exceeds the number of image positions in the grid,the displayed categories may be selected from the pool of availablecategories.

A preferable embodiment of the present invention overlays each imagewith a randomly generated sequence of one or more characters. Thissequence is known as an “image key” or “image identifier.” Within theimage grid, the user will identify the images corresponding to thepre-selected authentication sequence, and input each associated imageidentifier in the provided input field. In accordance with these andother embodiments of the present invention described elsewhere herein,the identity of a user can be authenticated by matching the imageidentifier(s) input by the user with the correct image identifiers(s)derived from the pre-chosen authentication sequence.

Another aspect of the present invention provides authentication systemsthat are essentially immune from attacks using keystroke loggers.Preferable embodiments of the invention include a corresponding imageidentifier for each image that is a randomly generated sequence of oneor more characters. There may be a predetermined mapping between theimage identifier and the image category established by theauthentication mechanism ahead of time. Meanwhile, during anauthentication process, a user may ascertain that mapping by graphicaldiscernment of the images. The authentication sequence can be input bythe user using or entering the series of one or more randomly generatedimage identifiers. Without the images displayed, the text entered by theuser will be effectively random characters and will not provide clues tothe authentication sequence of the user. Attackers will not be able toascertain the image category authentication sequence of a user bycapturing keystrokes. Preferable embodiments of the invention displaydifferent images with different randomly generated image identifiersduring a subsequent authentication process such that a previouslyobserved set of keystrokes or password will not be accepted. It shall beunderstood that as with other embodiments of the invention herein, thecombination of one or more image identifiers derived from a given set ofdisplayed images may preferably give rise to a new password at eachlogin or step in a process calling for authentication.

With respect to yet another aspect of the invention that providesmethods and systems for authentication, the risk of attacks involvingshoulder surfing is also mitigated. For example, traditionalusername/password authentication systems could be compromised ifattackers visually discern the keystrokes entered by the user during thelogin process. The present invention requires the attacker to visuallydiscern both the keystroke entered by the user in the form of imageidentifier as well as the graphical discernment of the images for themapping between image identifier and the image category. Theauthentication sequence of the user is compromised only if both forms ofinformation are captured. Accordingly, this aspect of the inventionincreases the difficulty in successfully executing such kinds of attackscommitted while users are entering password information.

In terms of brute force attacks, the search space for a preferableembodiment of the present invention that renders a grid of generatedimages during an authentication process is equal to:

(g)

n

where g is the number of elements in the image grid and n is the lengthof the authentication sequence to be entered by a user. For example, areasonable implementation of the invention may call for a grid size of16, and an authentication sequence length of 3. This would result in abrute force search space of:

16

3=4096

On average, the brute force attack would succeed after 2048 tries. Whilethis seems like a low number in the context of security algorithms, riskis mitigated by the nature of the algorithm as well as by additionalsafeguards. The mapping between the image identifier and the imagecategory in preferable embodiments of the invention requires graphicaldiscernment of images. Image identifiers could be obfuscated on theimage using captcha techniques, making them discernable only by humans.This means the brute force attack must be perpetrated by a human andcannot be automated. An automated agent could only randomly guess theimage identifier. Accordingly, the search space for the instance of thisbrute force attack is:

(r

1)

n

where 1 is the length of the image identifier, r is the range of theimage identifier (26 if it is case insensitive alphabetical, 96 if it isdisplayable characters), and n is the length of the authenticationsequence. A reasonable policy could call for an alphabetical imageidentifier of length 2. In this case, the brute force search space is:

(26

2)

3=308,915,776

If the captcha obfuscation could be defeated, it is still effectivelyimpossible with the current state of the art for automated processes torecognize the image category from a random image (i.e. recognize arandom image of a Ford Mustang® as an automobile). Therefore, automatedagents would not be able to perform a systematic brute force attack.They would have to enter random image identifier at each try. Thisattack would succeed on average after 4096 tries.

In accordance with another embodiment of the invention, the threat frombrute force attacks could be further mitigated by implementing a timedlockout policy after unsuccessful logins. A reasonable policy would beto temporarily disable the account for 10 minutes after threeunsuccessful logins in a row. On average, the time it would take tosucceed with a brute force attack would be:

(10 minutes)*(4096−3)=40930 minutes=28 days

Furthermore, the size of the image grid, the length of theauthentication sequence, and the lock out time could be increased toexponentially increase the brute force search time.

More preferable embodiments of the present invention can be implementedin conjunction with a traditional identity authentication paradigm suchas username/password as an extra layer of security, thereby increasingthe security provided by the overall system.

Another aspect of the invention provides systems and methods forsponsored authentication. In addition to providing authenticationsolutions to guard against fraud and other types of illegal activity,the invention may also facilitate advertisement campaigns by displayingimages, descriptions, and/or references supplied by or chosen byadvertisers. Preferable embodiments of the invention provide a series ofone or more graphical images displayed in a predetermined grid or otherarrangement for viewing by the user. Because the user is conducting anauthentication process, it is highly likely that the user is givinghis/her full or undivided attention to the graphical image and itscorresponding image identifier. This level of attention and ability totarget advertising based on a preselected category of images by a usercreates a powerful marketing and advertisement opportunity. Preferableembodiments of the invention may be extended by replacing or augmentingthe images in the image grid with audio, video, or other forms of mediaor multimedia. This aspect of the present invention provides a number ofother preferable embodiments or models as set forth in further detailherein.

Other embodiments of the invention provide systems and methods thatallow secured data and/or password entry to computer-based systems, suchas for example, networked computer systems, automated teller machines(“ATMs”), mobile telephones and devices, personal digital assistants(PDAs including Blackberry or similar devices with e-mail and Internetaccess capabilities), and online retail web sites and banking services.Many of the computer-based systems used today which rely on singlefactor authentication such as entering a password or access code whichcan be modified in accordance with the invention in order to providestronger authentication before allowing access to secured informationand resources. For example, in an office computer environment withaccess to a computer network such as a wide area network (“WAN”) or alocal area network (“LAN”), access by individual users to the computernetwork can be controlled by dynamic graphical password systems providedherein. Access can be provided at a local node or other such clientcomputer within the network such as user personal computers (“PCs”).Such systems with display capabilities may identify the user to thenetwork by accepting a user name or initials (which may be referred toas the “User ID”), and then authenticate the user upon entry of one ormore appropriate password elements derived from an dynamic arrangementof graphical images such as a visual grid.

For online applications, a user may seek to obtain access to a securenetworked resource, such as a World Wide Web (“Web”) site on theInternet or other online service. This may include access to onlinebanking services or other information subject to restricted access.Furthermore, the user may want to shop for and purchase a product orservice available via a retail Web site. The user may be authenticatedin accordance with the concepts of the dynamic graphical imagearrangements described elsewhere herein before gaining access to asecured resource or conducting an online purchase requiring entry ofcredit card number or similar information to make a transaction.

In an ATM system, a user typically will be provided with a card having areadable magnetic strip which identifies the user to the ATM network.Instead or relying upon a conventional static personal identificationnumber, or PIN, which must be entered by the user, an arrangement orgrid of dynamic graphical icons can be presented such that correspondingpassword elements corresponding to icons falling within anauthenticating category can be entered by the user. As described in thevarious authentication methods and systems provided herein, the passwordelement(s) can be different between logons or transactions. The passwordelement(s) may be entered through an alphanumeric keypad ordinarily usedfor PIN entries. After the one or more password elements are verified,the user can then be granted access to bank accounts in order to conducttransactions such as withdrawal of cash and a wide range of otherbanking activity, including online banking transactions. For example,digital representations or images of financial documents or instrumentssuch as checks can be displayed to a user following authentication. Acashed check can be displayed to the user after processing by knowncheck imaging systems (e.g., Merchant Capture) that may transform paperchecks into images. Additionally, other forms of electronic or AutomatedClearing House (ACH) payments can be authorized by the user followingauthentication. It shall be understood that financial transactions andother forms of secured network activity including e-commerceapplications can be made more secure in accordance with the invention.

Secured systems such as the ones described above and others can beguarded against fraud and theft by implementing dynamic graphicalpassword systems provided herein. Because password elements within agraphical image arrangement preferably change in between sessions ortransactions, there is no imminent breach of or loss of security even ifa perpetrator observes entry of the actual password sequence. Someoneobserving entry of the password elements by the user cannot readilydetermine the relevant authenticating category or logic behind thepassword based on observation of the key entries alone since thelocations and selection of the graphical images or icons are preferablyrandomized. Moreover, the selection of displayed graphical images, theirpositioning within an arrangement or grid, and their correspondingpassword elements, are preferably varied between authenticationprocesses. The user does not have to memorize exact password charactersbut can rather look for graphical images falling within a selectedauthenticating category and enter in corresponding password elements asto those images only. Accordingly, various types of theover-the-shoulder attacks can be defended against by applying these andother concepts of the invention.

Other goals and advantages of the invention will be further appreciatedand understood when considered in conjunction with the followingdescription and accompanying drawings. While the following descriptionmay contain specific details describing particular embodiments of theinvention, this should not be construed as limitations to the scope ofthe invention but rather as an exemplification of preferableembodiments. For each aspect of the invention, many variations arepossible as suggested herein that are known to those of ordinary skillin the art. A variety of changes and modifications can be made withinthe scope of the invention without departing from the spirit thereof.

INCORPORATION BY REFERENCE

All publications and patent applications mentioned in this specificationare herein incorporated by reference to the same extent as if eachindividual publication or patent application was specifically andindividually indicated to be incorporated by reference.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a simplified flowchart diagram of an enrollmentprocess used in connection with the present invention directed to agraphical image authentication and security system;

FIG. 2 illustrates a simplified flowchart diagram of a preferredembodiment in accordance with the present invention directed to agraphical image authentication and security system;

FIG. 3 illustrates a simplified flowchart diagram of an alternateembodiment of the present invention; and

FIGS. 4 and 5 illustrate examples of screen displays that would beincorporated as a part of the present invention as shown in FIGS. 2 or3.

FIG. 6 illustrates a display device for rendering an arrangement oficons.

FIG. 7 shows a dynamic graphical password grid that includes variousgraphical images corresponding to advertisement campaigns.

FIG. 8 is a flowchart describing methods of authenticating users inaccordance with the invention.

FIG. 9 is an illustration of client/server architecture for userauthentication over the Internet.

DETAILED DESCRIPTION OF THE INVENTION

The embodiments discussed herein are merely illustrative of specificmanners in which to make and use the invention and are not to beinterpreted as limiting the scope of the instant invention.

While the invention has been described with a certain degree ofparticularity, it is to be noted that many modifications may be made inthe details of the invention's construction and the arrangement of itscomponents without departing from the spirit and scope of thisdisclosure. It is understood that the invention is not limited to theembodiments set forth herein for purposes of exemplification.

The present invention provides a method and system for user identityauthentication to a computer system which requires users to select anauthentication sequence based on categories during enrollment andrecreating the authentication sequence during login by graphicallydiscerning images belonging to the previously selected categories.

Referring to the drawings in detail, FIG. 1 illustrates a simplifiedflow chart diagram of an initial enrollment process in order to enroll auser to utilize the present invention. During enrollment, the user shownas 2 will be presented with an initial enrollment screen in box 4 wherethe desired username is entered in diamond 6. After the username isgranted, a second enrollment screen in box 8 is presented to select thetraditional password and the image category authentication sequence forthe system. The authentication information is entered in diamond 9 andstored into the authentication database in box 10.

Referring to the drawings in detail, FIG. 2 illustrates a simplifiedflowchart diagram of a preferred embodiment of the present invention. Inthis embodiment, a graphical image authentication and security system isused in conjunction with a traditional username/password authenticationparadigm to increase the overall level of security in a system. Theoverall process includes a number of discreet steps to authenticateidentity to a computer system. By way of example, but not limitation,the computer device operated by the user may include a personal computer(PC) having a central processing unit (CPU), a keyboard or other inputdevice and monitor; a personal digital assistant (PDA); a user terminalat a bank automated teller machine (ATM); a cellular mobile telephone;or other device.

The user 12 will enter a first login account identifier, such as his orher username, and a traditional password, represented by diamond 14 inan input device such as a keyboard. By way of example, the username maybe a series of alphanumeric characters, as is well known. By way ofexample, the password may be a series of alphanumeric and specialcharacters, as is well known. (FIG. 4 shows an example of thetraditional username/password login screen.)

The username/password is validated in box 16. If the authenticationfails because of the username/password entered, a fake grid of imagesthat appears normal is displayed as shown at box 20, the user will beable to enter an image identifier normally at diamond 22 however anyauthentication attempt fails as shown at reference numeral 26. If theusername/password pair is authenticated, an image grid will be generatedand displayed at box 34. The cells of the grid will display images fromdifferent categories (such as those in FIG. 5). The location of thecategories in the grid is randomized. The specific image for eachcategory is chosen randomly from a database of images for that specificcategory. Each image will be overlaid with a unique randomly generatedimage key. Captcha techniques could be employed to obfuscate image keysso they are not machine-readable. This would require human perceptionand cognition to mediate the login which could prevent automated bruteforce attacks on the authentication process.

The user will select the image on the grid according to the categoriesin their authentication sequence by entering the image key overlaid onthe images, box 36. The sequence of image keys is sent to theauthentication server for validation, box 38. If the image keys arevalidated, the authentication concludes successfully, box 40. If theimage keys are not validated, authentication fails and the login processmust be reinitiated. A timed lockout of 10 minutes as shown by 18 isapplied after three unsuccessful logins to mediate the threat from bruteforce attacks that attempt to guess an authentication sequence.

FIG. 3 illustrates an alternate embodiment of the present invention thatextends the preferred embodiment from FIG. 2 to incorporateadvertisements. The enrollment process for this embodiment will beidentical to that of the previously described embodiment illustrated inFIG. 1, and the login process is also similar to that illustrated inFIG. 2. The user 42 will enter a first login account identifier, such ashis or her username, and a traditional password, represented by diamond44 in an input device such as a keyboard. By way of example, theusername may be a series of alphanumeric characters, as is well known.By way of example, the password may be a series of alphanumeric andspecial characters, as is well known. The username/password is validatedin box 46. If the authentication fails because of the username/passwordentered, a fake grid of images that appears normal is displayed as shownat box 48. While the user will be able to enter image identifiers in aseemingly normal manner at diamond 58, any authentication attempt failsas shown at reference numeral 68. If the username/password pair isauthenticated, an image grid will be generated and displayed at box 50.

FIG. 4 shows an example of a traditional username/password login screenthat may be displayed to a user for entry of authentication informationin any of the embodiments of the invention described herein.

As shown on FIG. 5, the cells of an image grid will display a variety ofimages from different categories. The location of the categories in thegrid is randomized. The specific image for each category is chosen froma database of images for that specific category. Each image will beoverlaid with a unique randomly generated image key. Captcha techniquescould be employed to obfuscate the image key so that it is notmachine-readable. This would require a human to mediate the login andprevent automated brute force attacks on the authentication process.

An ancillary benefit of the present invention stems from the requirementof the user to view each of the visual images to determine which imageis in the user's category. Advertising opportunities are presented foradvertisers to display products in an array of images. The user cannotignore the advertising, since the user must view and discern each of theimages presented during authentication in order to choose theappropriate user selected image category.

The images in the database for this embodiment will containadvertisement images provided by advertisers. The image selected to bedisplayed on the grid will be based on the websites, the advertisementcampaigns, and other parameters. The image grid displayed in box 48 and50 will behave identically. The diamond in 54 is abbreviated andembodies 52, 60, and 56. When the user places the cursor over the imageas in 52, additional information and links about the advertisement willbe provided (which could otherwise be displayed automatically withoutcursor movement by the user). If the user chooses to follow anadvertisement link, the destination of the link will open in a newwindow as shown in 60. When the user finishes browsing the advertisementwebsite, the user will return to the log in screen through diamond 58.The user would not need to reenter the username and password afterviewing an advertisement link, or in an alternative embodiment, the userwould have to reenter authentication information after viewing anadvertisement link, preferably when a predetermined amount of time haspassed for security purposes. When the user finishes viewing theadvertisement link, the image grid is refreshed and displayed again in48 and 50 respectively.

In the case where the username/password is validated at 50, the userwill select the image on the grid according to the categories in theirauthentication sequence by entering the image key overlaid on theimages, box 64. The sequence of image keys is sent to the authenticationserver for validation, box 66. If the image keys are validated, theauthentication concludes successfully, box 70. If the image keys are notvalidated, authentication fails at 68 and the login process isreinitiated. A timed lockout of 10 minutes is applied after threeunsuccessful logins to mediate the threat from brute force guessing ofthe authentication sequence, box 72.

As shown in FIG. 5, a preferable embodiment of the invention provides anauthentication system that generates an arrangement of dynamic images.Unlike a conventional static username and password model developeddecades ago, the arrangement of dynamic images may preferably provide auser with a one-time or persistent access code that can be entered atthe last minute, and just in time for login. The images in thearrangement, which may be arranged in what may be characterized as adynamic image grid pattern, can be different and/or arranged differentlyeach time a user logs in or performs some other action requiring anauthentication process. However, the user knows which image(s) to lookfor and select within the arrangement because the images are based upona preselected category designated by the user or third party during anenrollment process as described elsewhere herein. While a series of oneor more graphical images within an arrangement can be dynamicallyaltered in between logins or authentication processes, the preselectedcategory can remain the same from the perspective of the user so long asdesired or permitted according to established guidelines. So even ifstronger authentication is provided in accordance with this embodimentof the invention, which eliminates any reliance on statichard-to-remember passwords or challenge questions, it may be preferredfor certain applications to require a user nonetheless to renew or pickanother category of images as the basis for a password or access codewhen desired (change password option) or after a specified length oftime (automatic expiration of passwords that provide a number ofopportunities to voluntarily change the category before it is mandatorypursuant to an established protocol).

For example, in a preferable embodiment of the invention, the categoriesof images displayed within a dynamic image arrangement may include thefollowing: horses, flowers, mountains, money, objects in space, boats,airplanes, golf and cars. The image of an object falling within each ofthese categories can be shown in a predetermined arrangement such as a3×3 grid or a tic-tac-toe grid for preferable embodiments of theinvention. When the user registered his username during enrollment, acategory was chosen or designated by the entity requestingauthentication such as a financial institution.

The basis for a user selection could be some thing(s) that could beeasily remembered by that person or something of interest such as cars,for example. During a login process, the user can look for and find anyimage(s) displayed within the arrangement falling within the selectedcategory of cars. In spotting an appropriate image within this, the useris able to view an access code corresponding to the image representingthe category. That access code becomes the password or portion of apassword to the user for logging onto the system or during thatparticular authentication process. Meanwhile, during a subsequentprocess or next login, a variety of images falling within the selectedcategory and non-selected categories will be arranged, preferably in arandom manner. The images representing these categories can be randomlychosen among dozens, hundreds or more images in each category. Becausethe images appear and move randomly throughout the dynamic imagearrangement between logins or between authentication processes, andbecause the images representing any category can be different each time,human-level cognition is needed to enter a series of one or more accesscodes through the authentication system. Since the access codescorresponding to the images are preferably different with each login orauthentication process, even if the user is being keystroke logged, thekeystrokes observed are useless on future login or authenticationattempts. Moreover, the basis for selection by the user of the accesscodes and corresponding images is relatively difficult to identify. Itmay not be readily apparent to an ordinary observer (or fraudster) as towhat is the reference point to the user or why a user selects certainimages over others. Without explicitly revealing the authenticatingcategory (shared secret), the user is therefore able to complete anauthentication process with added security.

Other embodiments of the invention provide dynamic graphical passwordauthentication solutions which include some of the features described inthe aforementioned processes and systems. These authentication systemsand methods can provide stronger user authentication to reduce the riskof unauthorized access to or use with online accounts, Web sites orresources available on the Internet or enterprise network systems. Thegraphical passwords provided in accordance with this aspect of theinvention include images or icons corresponding to one of any number ofselected categories which forms the basis of authentication.

As shown in FIG. 6, for example, one or more graphical images such asicons can be displayed to a user on a display device according to apredetermined arrangement or pattern. For each displayed icon (Icon #1,#2 . . . ) within a display image, there may be a corresponding accesscode or password element (PE1, PE2 . . . ) shown to the user. The seriesof one or more password elements can be therefore entered by the user asa password for that particular authentication process. However, the samepassword or combination of password elements does not work for asubsequent authentication process in accordance with a preferableembodiment of the invention. Rather the selection of displayed iconsthemselves, their arrangement or location within a pattern, and theircorresponding password elements are preferably different each time inorder to create dynamic one-time graphical passwords. It shall beunderstood that as with other embodiments of the invention herein, eachor all of these properties are not required to be dynamic and may bestatic (the same) instead during or in between authentication processes.

The series of one or more graphical images and corresponding passwordelements that make-up dynamic passwords are preferably changed betweeneach authentication processes. But the authenticating category of imagesremains the same or unchanged for the user until an authorized change ismade. The authenticating and non-authenticating categories of graphicalimages are not limited to particular objects only but can include anyvariety of themes or topics. This allows a wide variety ofeasy-to-remember categories which avoids requiring a user to memorizeconventional character-based character strings or having to entercharacters generated periodically by separate hard tokens (e.g., RSASecureID tokens) since the password elements are displayed concurrentlywith intuitive corresponding graphical. images. The graphical images oricons with respect to FIG. 6 are displayed to a user and may serveindirectly as constantly-changing yet identifiable reference points topassword elements. It shall be further understood that the one or moregraphical images may be organized in a selected arrangement such as aseries of rows and columns (matrix), arrays or any other pattern withina display image.

For example, the display device illustrated in FIG. 6 may receiveinformation to render a display image with two icons and twocorresponding password elements. Icon #1 may be an image of a RollsRoyce, while Icon #2 may be an image of a banana. In addition, Icon #1may include and display a corresponding PE1 that is “AB” and Icon #2 mayinclude and display a corresponding PE2 that is “CD.” During anenrollment process such as those described elsewhere herein, a user thatselected automobiles as an authenticating category would enter inpassword element “AB” for authentication. Meanwhile a user that may haveselected fruits as an authenticating category would enter “CD” forauthentication. An authentication server system (not shown) connected tothe display device can compare the selected password elements against areference password generated for that authentication process. Asdescribed elsewhere herein, the reference passwords may be generated bya variety of random number or character generator programs. Accordingly,a perpetrator or even an authorized user would not know what passwordelements to enter prior to viewing the display image, but only the userwould preferably know the authenticating category and look for intuitivegraphical icons corresponding thereto while ignoring those fromnon-authenticating categories. Preferable embodiments of the inventionwould render each time different types of icons to the user within aparticular authenticating category and/or different password elements(alphanumeric characters, symbols). During a subsequent session oranother authentication process, the authentication systems and methodsherein can generate another series of icons in a different randompattern on the display device, preferably with a different display imagebackground, and preferably with different icons corresponding to bothauthenticating and non-authenticating categories.

Another embodiment of the invention may capitalize on the focus andattention of users during an authentication process for advertising andmarketing purposes. For example, as shown in FIG. 7, a dynamic graphicalimage grid can be displayed having a plurality of advertisements ormessages paid by sponsors or advertisers. As part of an advertisement(ad) campaigns for a company, one or more advertisements can beintroduced into the authentication systems and methods herein. Suchadvertisements or sponsored messages can serve the dual-purpose ofauthentication and generating advertising revenue. The advertisements ormessages themselves can function as the graphical images viewed by userswhich fall into authenticating and non-authenticating categories. Whileuser attention may be greater for advertisements relating to anauthenticating category for the user, advertisements relating tonon-authenticating users are also valuable as they too are displayed.

A dynamic image grid as shown in FIG. 7 may include a selectedarrangement of advertisements (ads) that may be rendered during eachauthentication process for different users. The arrangement may includeany number of ads displayed for viewing, but a preferable embodiment ofthe invention is shown having nine (9) ads arranged in a 3×3 grid(AD1-9) each having a corresponding password element (PE1-9). Because ofthe wide range of both authenticating and non-authenticating categoriesthat is available for carrying out the invention, each category presentsadvertising opportunities within many different channels. For example, acategory may be selected such as automobiles. AD1 and AD9 may thusinclude ads for cars sold by Car Manufacturer #1 (e.g., Ford). AD2 andAD8 may include ads for bottles of wine sold by Wine Maker #1 (e.g.,Gallo), and AD3 and AD7 may be ads for cosmetics sold by CosmeticsCompany #1 (e.g., Avon) etc. Upon presentation of the dynamic imagegrid, a user who selected or was assigned an authenticating category ofautomobiles would type or enter within a PASSWORD field the charactersdisplayed for PE1 and PE9. When an authenticating category is wine, theuser would select PE2 and PE8. When cosmetics are chosen theauthenticating category, the user would select PE3 and PE7. While someof the preceding examples describe the use of passwords composed of twoor three password elements, it shall be understood that any number ofone or more password elements may be used for authentication.

Furthermore, ads may cross numerous markets such as consumer productswhen a user selects a theme such as “red” or “things that are red.” Forexample, the authentication password would be the combination ofPE1+PE2+PE3 when AD1 is a red Mustang, AD2 is a bottle of cabernetsauvignon, AD3 is a tube of lipstick. In addition to ads, this aspect ofthe invention can be applied to other embodiments of the inventiondescribed herein which provide arrangements of dynamic graphical imagesor icons. Rather than categorizing an object to be displayed based onwhat it is—the thing itself—alternative embodiments of the invention mayinclude categories of graphical or visual images, icons or ads that arebased on some common attribute, feature, theme or characteristic of thedisplayed object—something about the thing. For example, a user mayselect an authenticating category based on a certain “attribute” aboutthe (displayed images) such as “things featuring water” (a beach, apool, rain, bottled water), “things that are round” (a golf ball, a hotair balloon, a tire), “things that are blue” (a clear sky, a bluetropical fish, a blue shirt, a recycling bin for glass/plastic), and“things made of wood” (a baseball bat, a log cabin, a tree, a forest).Accordingly, advertisers may be provided the opportunity to present adiverse range of product ads that can be grouped into one or moreselected categories according to some commonality that also serves as ashared secret between a user and a third party for purposes ofauthentication.

It shall be understood that ads or graphical images herein may fallwithin one or more categories available as a way to authenticate aperson. Ads or graphical images can be also displayed more often withinregularly scheduled display cycles even if they are withinnon-authenticating categories. The ads or graphical images that areselected for display within an arrangement or grid may neverthelesscapture the attention of users even if they do not necessarily fallwithin an authenticating category since graphical images or ads fornon-authenticating categories are also displayed.

As with other embodiments of the invention, the sequence in which thepassword elements (image identifiers) are entered may be of consequenceor not depending upon the desired level of authentication. When theirorder or sequence matters (e.g., PE1+PE9), then typically strongerauthentication is offered when compared to authentication where orderdoes not matter and can be completed with any sequence of one or morepassword elements (e.g., PE1+PE9 or PE9+PE1). In preferable embodimentsof the invention where specific sequences of entering the passwords arerequired, then either an intuitive or explicit order of entry can beprovided to the user. For example, when presented by a 3×3 grid suchinstruction may not be required as the user may be reminded of atelephonic keypad with consecutive numbers 1-9. The order of entry maybe therefore entering characters within password elements from top tobottom of the display, and from left to right.

FIG. 8 is a flow diagram describing another aspect of the invention thatprovides various methods of authentication using dynamic graphicalimages. A plurality of graphical images may be stored within a databaseor a computer memory that correspond to one or more availablecategories. From the numerous available categories, a user may designatean authenticating category from the plurality of categories during anenrollment process. During an authentication process, a dynamicgraphical image arrangement may be generated by a server systemcontaining at least one graphical image, and at least one correspondingimage identifier or password element. For example, a random passwordgenerator may construct a reference password to be used for anauthentication process, such as “4847.” Each character or digit withinthe password may be assigned as the image identifier (or part thereof)to preselected images falling with the authenticating category. A seriesof other graphical images from non-authenticating categories may be alsoassigned non-authenticating image identifiers to fill-out thearrangement. The server system may be instructed to randomly select (ornot) the pattern in which to present the graphical images to the user.The graphical images falling within the authenticating category may berandomly (or not) positioned within the arrangement, and theircorresponding image identifiers are displayed too. Furthermore, thegraphical images from non-authenticating categories can be randomly (ornot) positioned within remaining portions of the arrangement. Forexample, four (4) graphical images of one or more cars can be displayedas part of an authenticating category of automobiles, each having acorresponding image identifier “4,” “8”,“4”, and “7.” In an embodimentof the invention where a 4×4 image grid is provided (16 graphical imagestotal), twelve (12) graphical images from non-authenticating categoriesare displayed to fill-out the arrangement which preferably have nothingto do with automobiles. The image identifier information and associateddata for the generated arrangement is then stored by the server systemin a memory. The arrangement or layout of the graphical images, theimages themselves, and the characters of the displayed imageidentifiers, are preferably different between authentication processes.Alternatively, any or all of these properties may remain the same(static) in between authentication processes. The authenticatingcategory can remain the same until an authorized change is made whichcan be accomplished in a manner similar to the enrollment processdescribed above.

During an authentication process, the arrangement of dynamic graphicalimages can be delivered and presented to a user on a display device ordisplay within the client system. The user may input the one or moreimage identifiers (e.g., 4-8-4-7) corresponding to the graphical imagesfalling within the designated authenticating category. The client systemreceives the input from the user, and transmits it to the server system,which compares the image identifier information to the stored referencepassword (e.g., 4847). When the user input matches the referencepassword stored in the server system, authentication can be completedand access granted to the requested resource, online account or anyother secured information. When image identifier information or apassword does not match the references password, then access is denied.As with other embodiments of the invention, a user may be also permitteda predetermined number of attempts before account lock-out or any otheradministrative action is instituted such as the implementation ofnetwork security measures indicating the possibility of hacking orattacks.

FIG. 9 illustrates an authentication system provided in accordance withanother embodiment of the invention. A server system may include or beconfigured as an authentication server that generates an arrangement ofpseudo-randomly positioned images or icons each associated with apassword element. The arrangement may include one or more authenticatingimages, which form at least part of an authenticating sequence, plus oneor more non-authenticating images or icons that do not form at leastpart of the authenticating sequence. Thereafter the arrangement can besent to the client system for display on a display device. The user mayselect or input the image identifiers or password element(s)corresponding to the images or icons selected within the arrangement.Selected password elements can then be communicated by the client systemto the server system. The server system can compare the user selectedpassword elements relative to a reference password, and further analyzerelated information with any other associated authentication data thatmay be stored in a memory within the server system. The authenticationsystem may be configured to accept either a sequential or non-sequentialentry of password elements in order to properly authenticate a user.Upon the correct entry of the one or more password elements, whichmatches the reference password, authentication of the user can becompleted.

As with some of the other embodiments of the invention herein, the term“password” can be described as a form of secret authentication data thatis used to control access to a resource. It need not be an actual wordand can be a series of one or more alphanumeric characters or symbols,for example. In controlling access to resources, there are oftentrade-offs between security and convenience. The accessibility ofpassword-protected systems can depend on a variety of parameters takinginto consideration the level of security desired. While earlier forms ofpasswords may have been limited in the possible number of characters ornumbers (e.g., max. four or five numbers only), there are very fewlimitations to available passwords today which could also beincorporated into the methods and systems provided herein (e.g.,combination of numbers and upper/lower case letters with characterlengths of 6, 7, 8, 9 or more, symbols, punctuation, and device inputs).Moreover, selected password strengths may be chosen for differentapplications in accordance with the invention. For applications that maynot require stronger security, a relatively weak password can be adoptedfor the sake of convenience that prompts users for entry of only a fewcharacters or password elements. For applications that may requirestronger security, a relatively strong password can be adopted thatincludes a longer string and/or combination of characters to betterwithstand a brute force attack based on subsets of words from adictionary or similar source. Furthermore, a pseudo-random or randompassword generator may be incorporated with the invention that can beprovided as a software program and/or hardware device. In someinstances, an input is received from a random or pseudo-random numbergenerator which in turn creates a password. A variety of known randompassword generators may be selected for the authentication systems andmethods herein that can generate a string of characters etc. of anydesired length. It shall be understood that selected passwords andpassword generation programs can be customized or modified to complywith established or desired password policies setting forth the kinds ofpassword elements that can be used or combinations thereof to produce amix of letters, numbers, symbols, characters etc.

The authentication systems provided herein may include a client systemwith which a user interacts, and a server system to which the user wantsto gain access.

The server (system) may control access to a resource, a database or filesystem, or a private communication channel. The server may also includea computer readable memory, a comparator and a communications interfacesuch as a modem or network adapter with appropriate software driversthat support communication with the client system over a communicationssystem. The server system may further include a secured network, filesystems or resources and information stored in databases as describedelsewhere herein. The databases may contain one or more libraries ofgraphical images or icons that can be displayed for authentication andother purposes (e.g., advertising). The server system may also includenumerous devices such as file servers (Web site servers), authenticationservers, password databases, repositories or databases of graphicalimages or icons that may be identified as part of authenticating andnon-authenticating categories.

A memory device in the server system may store information regarding therelationship between the graphical images and image identifiersdisplayed to a user during authentication. A memory look-up table can beused to store this information for mapping this information. The memorymay be implemented using random access memory (“RAM”), flash memory,disk drives or any other rewritable memory technology. In someapplications, the memory may also be implemented using non-rewritablememory such as read only memory (“ROM”) chips.

The client system may include various devices such as a desktop orlaptop computer, a PDA, an ATM, or any device capable of displayinggraphical images having a key entry pad or keyboard for entering data. Aclient system device preferably includes an input device, a displaydevice and an appropriate communications interface which allows datafrom the input device to be transmitted to the server system. Thecommunications interface might include a modem, network adapter, radiotransmitter/receiver, or other such communications devices, along withappropriate software. The display device may be any type of displaycapable of displaying various graphical images or icons, such ascomputer monitors and flat panel displays. The input device may acomputer keyboard or a keypad, or other such entry system that allowsimage identifiers or password elements to be entered.

Furthermore, the client and server systems can communicate over avariety of telecommunication systems including wireless networks. Thetelecommunications system may also include a variety of datacommunications systems generally known in the art such as a LAN, a WAN,a wireless system such as cellular, satellite and personalcommunications services (“PCS”) systems, or a dedicated line orconnection. In this regard, it is noted that the references to serverside and client side herein do not require a direct communicationtherebetween and intermediate computers may be present. Moreover, acomputer acting as a server could transmit information to anintermediate computer which could then transmit the information toanother computer where the user enters data. The terms “client” and“server” as used herein are general and are not limited to so-called“client/server” systems. It shall be further understood that referencesto a server and a client also may apply to a peer-to-peer system orarchitecture with any two communicating computers, where at least onesuch computer controls or possesses a resource, and another computer isused to access the resource.

As shown in FIG. 9, a user may select a device (client) on which toaccess a secured resource or information stored on a server system. Theuser may be identified by the server system with an account number, nameor other user identification information. When the server systemdetermines the user is a recognized user, it can generate a displayimage including an arrangement of dynamic graphical images or iconsarranged for presentation on the display device.

As with other embodiments of the invention, the server may generate thedisplay image by selecting, pseudo-randomly in a preferable embodiment,graphical images based on prior user selection or otherwise of anauthenticating category. Alternatively, display image may bepre-generated or displayed according to a pre-established routine orcomputer program, and stored in a database system. The display image andgraphical display images or icons may be implemented as a bit mappedimage, a raster image or in any other suitable image file format.

The display image may also include image identifiers corresponding toeach of the graphical images or icons displayed. The user may input animage identifier sequence corresponding to graphical images within anauthenticating category. In a preferable embodiment of the invention,the arrangement of the images is pseudo-randomly varied with each serveraccess request. In addition, the particular images/scheme and imageidentifiers presented in the display image may be varied with eachauthentication process.

In order to enter user password information or other authentication datain accordance with this embodiment of the invention, the appropriateimage identifiers for authenticating images within the display image areidentified by the user. The user enters on the input device the imageidentifiers by the user and communicated to the server system. For somepreferable embodiments of the invention, the sequence in which thepassword information is entered is important in which case the userunderstands or is advised of the order of entry (left to right, right toleft, top to bottom, bottom to top). The server system utilizes acomparator to compare the selected image identifiers with referencepassword information as described elsewhere herein. The comparator inthe server system can compare the one or more image identifiers enteredby the user to reference password information to determine whether theycorrespond to each other and match. If so, the user will be allowedappropriate access to the server system. It shall be understood that thecomparator, and other components to the aforementioned client/serversystems implemented in any of the authentication systems and methodsherein, may incorporate software using techniques known in the priorart.

Many embodiments of the invention can provide dynamic imageauthentication arrangements that can be incorporated into existingauthentication systems for preventing unauthorized access. Because cybercrimes often begin with unauthorized users gaining access to accounts toonline accounts and applications, concepts of the invention herein canbe implemented to create a first line of defense that provides strongeruser authentication. Various embodiments of the invention provide securelogin routines for user authentication that are effective against manyprevalent forms of hacking, including historic threats like phishing, aswell as new and growing threats like brute-force attacks, keystrokelogging, and man-in-the-middle (MITM) spying. Additional embodiments ofthe invention can be modified for a variety of applications includingnetwork login, virtual private network (VPN) access, and web-basedapplications and websites.

It should be understood from the foregoing that, while particularimplementations have been illustrated and described, variousmodifications can be made thereto and are contemplated herein. It isalso not intended that the invention be limited by the specific examplesprovided within the specification. While the invention has beendescribed with reference to the aforementioned specification, thedescriptions and illustrations of the preferable embodiments herein arenot meant to be construed in a limiting sense. These are described asexamples in relation to the drawings attached hereto and furthermodifications, apart from those shown or suggested herein, may be madewithin the spirit and scope of the invention. Furthermore, it shall beunderstood that all aspects of the invention are not limited to thespecific configurations set forth herein which depend upon a variety ofconditions and variables. Various modifications in form and detail ofthe embodiments of the invention will be apparent to a person skilled inthe art. It is therefore contemplated that the invention shall alsocover any such modifications, variations and equivalents.

1. A method for authenticating a user comprising the following steps of:generating at least one dynamic graphical arrangement of images having:at least one image selected from an authenticating category of graphicalimages; and at least one image selected from a non-authenticatingcategory of graphical images, each image having a corresponding accesscode; presenting the dynamic graphical arrangement of images to a user;receiving as input from the user the series of one or more access codescorresponding to images from the authenticating category of graphicalimages; and comparing the series of one or more access codes to anauthenticating reference code to authenticate the user.
 2. The methodfor authenticating a user as recited in claim 1 further comprising:denying access to the user if the input is determined not to match theauthentication reference code.
 3. The method for authenticating a useras recited in claim 1, wherein the dynamic graphical arrangement ispresented on a display corresponding to a computer device that providesuser access to confidential information.
 4. The method forauthenticating a user as recited in claim 1, wherein the plurality ofgraphical images comprises images that are presented to the user for apurpose in addition to authenticating the user.
 5. The method forauthenticating a user as recited in claim 4, wherein the purpose inaddition to authenticating the user is advertising.
 6. The method forauthenticating a user as recited in claim 1, wherein the dynamicgraphical arrangement of images is presented to the user on a mobiledevice display.
 7. The method for authenticating a user as recited inclaim 1, wherein the images selected from an authenticating category ofgraphical images are randomly arranged within the dynamic graphicalarrangement of images.
 8. The method for authenticating a user asrecited in claim 1, wherein the access codes for the images selectedfrom the authenticating category are randomly selected.
 9. The methodfor authenticating a user as recited in claim 1, wherein the images fromthe authenticating category are randomly selected.
 10. The method forauthenticating a user as recited in claim 1, wherein the authenticatingcategory is preselected by the user from a plurality of differentcategories.
 11. A method for authenticating a user comprising thefollowing steps: selecting a series of one or more graphical images eachhaving a corresponding password element, wherein each graphical image isselected from an authenticating category and a non-authenticatingcategory of images; presenting the series of one or more graphicalimages on a device display; and receiving a password entry from a usercomposed of the password element corresponding to at least one graphicalimage corresponding to the authenticating category of images; andauthenticating the user when the password entry matches a referencepassword.
 12. The method for authenticating a user as recited in claim11, wherein the graphical images relate to sponsored messages oradvertisements.
 13. The method for authenticating a user as recited inclaim 11, wherein the password elements are formed of one or morealphanumeric characters or symbols.
 14. The method for authenticating auser as recited in claim 11, wherein the user is authenticated only whenthe password elements are entered by the user in a specific sequence.15. The method for authenticating a user as recited in claim 11, whereinthe user is authenticated regardless of the order in which the passwordelements are entered by the user.
 16. The method for authenticating auser as recited in claim 11, wherein the device display is for a Webenabled computer or mobile device.
 17. The method for authenticating auser as recited in claim 11, wherein the series of one or more graphicalimages is static and presented again during a subsequent authenticationprocess.
 18. A computer program product bearing machine readableinstructions to carry out the method for authenticating a user asrecited in claim
 11. 19. A computer system having a computer readablemedium that stores a computer program with machine readable instructionsfor carrying out the method for authenticating a user as recited inclaim
 11. 20. A graphical interface for user authentication andadvertising comprising: a dynamic graphical image grid having aplurality of advertisements selected from an authenticating category ofadvertisements and a non-authenticating category of advertisements,wherein each of the advertisements includes a corresponding passwordelement, and wherein at least one password element forms at least partof an authentication password.
 21. The graphical interface as recited inclaim 20, wherein the dynamic graphical image grid is configured as athree by three grid.
 22. The graphical interface as recited in claim 20,wherein the authenticating category of advertisements is selected by auser during an enrollment process.
 23. The graphical interface asrecited in claim 20, wherein the plurality of advertisements arerandomly arranged within the dynamic graphical image grid.
 24. Thegraphical interface as recited in claim 20, wherein the plurality ofadvertisements are different during each rendering of the dynamicgraphical image grid, and wherein password elements fore eachadvertisement are different during each rendering of the dynamicgraphical image grid.
 25. The graphical interface as recited in claim20, wherein the positioning of the plurality of advertisements withinthe dynamic graphical image grid are different during each rendering ofthe dynamic graphical image grid.